chore: sync files with stordco/common-config-elixir (#91)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
stordco · Jul 24, 2024 · 2c013fe · 2c013fe
1 parent ba97bf3
commit 2c013fe
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 2 deletions.
diff --git a/.credo.exs b/.credo.exs
@@ -81,7 +81,7 @@
         # You can customize the priority of any check
         # Priority values are: `low, normal, high, higher`
         #
-        {Credo.Check.Design.AliasUsage, [priority: :low, if_nested_deeper_than: 2, if_called_more_often_than: 2]},
+        {Credo.Check.Design.AliasUsage, [priority: :low, if_nested_deeper_than: 4, if_called_more_often_than: 2]},
         {Credo.Check.Design.DuplicatedCode, false},
         # You can also customize the exit_status of each check.
         # If you don't want TODO comments to cause `mix credo` to fail, just

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -46,7 +46,7 @@ jobs:
 
       - id: changed
         name: Get Changed Files
-        uses: tj-actions/changed-files@v43
+        uses: tj-actions/changed-files@v44
         with:
           files_yaml: |
             database:
@@ -56,6 +56,7 @@ jobs:
               - '.github/workflows/ci.yaml'
               - 'Dockerfile'
             documentation:
+              - 'docs/**'
               - 'priv/documentation/**'
               - '**.ex'
               - '**.md'
@@ -97,6 +98,9 @@ jobs:
     needs: [Changed]
     runs-on: ubuntu-latest
 
+    env:
+      MIX_ENV: test
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -231,3 +235,32 @@ jobs:
           - elixir: 1.15
             otp: 26
 
+  Trivy_Filesystem:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') }}
+    name: Trivy Filesystem Scan
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Elixir
+        uses: stordco/actions-elixir/setup@v1
+        with:
+          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+          hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
+
+      - name: Trivy Scan
+        uses: stordco/[email protected]
+        with:
+          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+          scan-type: fs
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+
diff --git a/.github/workflows/staging.yaml b/.github/workflows/staging.yaml
@@ -26,6 +26,9 @@ jobs:
 
     runs-on: ubuntu-latest
 
+    env:
+      MIX_ENV: test
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.trivy/fs-config.yaml b/.trivy/fs-config.yaml
@@ -0,0 +1,18 @@
+# This file is synced with stordco/common-config-elixir. Any changes will be overwritten.
+
+exit-code: '1'
+format: 'json'
+output: 'trivy-fs-results.json'
+scanners:
+  - vuln
+severity:
+  - CRITICAL
+  - HIGH
+  - MEDIUM
+  - LOW
+  - UNKNOWN
+timeout: '3m'
+vulnerability:
+  type:
+    - os
+    - library